mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-11-26 18:03:39 +01:00
closed security hole of using evaled code to show globals vars (which contain eg. passwords)
This commit is contained in:
parent
77374edc32
commit
424e3ac8b2
@ -329,7 +329,8 @@
|
||||
}
|
||||
if($val[0] == '@')
|
||||
{
|
||||
$val = 'return '.substr($val,1).';';
|
||||
// removing the $ to close security hole of showing vars, which contain eg. passwords
|
||||
$val = 'return '.substr(str_replace('$','',$val),1).';';
|
||||
// echo "<p>eval('$val')=";
|
||||
$val = eval($val);
|
||||
// echo "'$val'</p>";
|
||||
|
Loading…
Reference in New Issue
Block a user